21 matches found
CVE-2026-48710
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...
CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...
Arbitrary Command Injection
Overview mcp-server-semgrep is a MCP Server for Semgrep Integration - static code analysis with AI Affected versions of this package are vulnerable to Arbitrary Command Injection via the analyzeresults, filterresults, exportresults, compareresults, scandirectory, or createrule functions in the MC...
GHSA-86HP-QXQP-W9WV mcp-server-semgrep has a Command Injection issue
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
PT-2026-36030
Name of the Vulnerable Software and Affected Versions VetCoders mcp-server-semgrep version 1.0.0 Description Remote OS command injection is possible within the MCP Interface component in the file src/index.ts. The issue occurs when the ID argument is manipulated, affecting the functions analyze...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getattr function. An attacker can execute arbitrary code by crafting a malicious pickle file that...
CVE-2023-49198
Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true=true=/=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue...
EUVD-2017-18917
Malware in sbrugna...
CVE-2017-20199
A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity...
PT-2024-35246 · Unknown · Basepress Migration Tools
Name of the Vulnerable Software and Affected Versions: BasePress Migration Tools versions 1.0.0 and earlier Description: The issue allows an attacker to upload a web shell to a web server by exploiting an Unrestricted Upload of File with Dangerous Type vulnerability in the BasePress Migration...
PT-2025-2102 · Drupal · Drupal Views Svg Animation
Name of the Vulnerable Software and Affected Versions: Drupal Views SVG Animation versions 0.0.0 through 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS. This can be exploited by a remote attacker to...
PT-2024-33465 · Sovratec · Sovratec Case Management
Name of the Vulnerable Software and Affected Versions: Sovratec Case Management versions n/a through 1.0.0 Description: The issue allows an attacker to upload a web shell to a web server, which can lead to further exploitation. This is due to an Unrestricted Upload of File with Dangerous Type...
CVE-2023-49198 Apache SeaTunnel Web: Arbitrary file read vulnerability
Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users...
PT-2024-13693 · Apache · Apache Seatunnel
Name of the Vulnerable Software and Affected Versions: Apache SeaTunnel version 1.0.0 Description: A security issue in Apache SeaTunnel allows attackers to read files on the MySQL server by modifying the information in the MySQL URL. The issue can be exploited by setting specific parameters in th...
CVE-2023-48396 Apache SeaTunnel Web: Authentication bypass
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...
Arbitrary Code Execution
Overview dom-iterator is a feature-rich, well-tested Iterator for traversing DOM nodes. Affected versions of this package are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care mus...
PT-2023-33071 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.0.1 SurrealDB version 1.1.0-beta.1 and earlier nightly releases are not affected as they already include the patch. Description: The issue arises from default table permissions in SurrealDB being set to FULL...
PT-2023-10298 · WordPress · Wds Multisite Aggregate Plugin
Name of the Vulnerable Software and Affected Versions: WDS Multisite Aggregate Plugin versions up to 1.0.0 Description: A problematic issue was found in the WDS Multisite Aggregate Plugin, affecting the update options function of the file includes/WDS Multisite Aggregate Options.php. This issue...
PT-2023-10283 · WordPress · Icons For Features Plugin
Name of the Vulnerable Software and Affected Versions: Icons for Features Plugin version 1.0.0 Description: A problematic issue has been found in the Icons for Features Plugin on WordPress, affecting some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulati...
PT-2020-19746 · Npm · Worksmith
Name of the Vulnerable Software and Affected Versions: worksmith versions prior to 1.0.1 Description: The issue concerns Prototype Pollution via the setValue function. This affects all versions up to and including 1.0.0 of the worksmith package. Recommendations: For versions prior to 1.0.1, updat...